-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
4.15
-
No
-
3
-
False
-
-
Release Note Not Required
-
In Progress
Description of problem:
Cannot log in to cluster using example from documentation
Version-Release number of selected component (if applicable):
4.14.11
How reproducible:
Always?
Steps to Reproduce:
1. Follow example[0] 2. Attempt login to cluster UI console (http(s)) or API (oc login) 3. Fail
Actual results:
Identity provider example does not satisfy authentication requirements for logging into console UI and/or API
Expected results:
Identity provider example satisfies authentication requirements for logging into console UI and/or API
Additional info:
I was not able to log in with the example as described in the docs. Some troubleshooting led me to a kb article[1] that describes the use of additional parameters: challenge: true login: true Adding these to the oauth/cluster CR enabled the htpasswd identity provider to work. This may be by design since not all users may be allowed to log in. If that is the case, supporting notes of what to expect and exactly what this example enables (or does not explicitly allow: logging in via UI console and/or API) would be appropriate. Additionally, there is no documentation on these two parameters (or any other parameters for the htpasswd identityProviders) in the API documentation via `oc explain oauth.spec [...]`. It came down to spending time searching with Google etc. [0] https://docs.openshift.com/container-platform/4.15/authentication/identity_providers/configuring-htpasswd-identity-provider.html#identity-provider-htpasswd-CR_configuring-htpasswd-identity-provider [1] https://access.redhat.com/solutions/4039941